The AICPA SOC 2 report has become a go-to standard for organizations to assess their IT controls. Since some vendors submit SOC 2 reports as risk assessments, interpreting the reports can be complex, time-consuming, and inconsistent with how other vendors are assessed. So, how can you simplify the process of analyzing SOC 2 reports – and break them down into consistent and actionable metrics?

In this on-demand webinar, compliance experts Sophie Pothecary and Thomas Humphreys explore how to use SOC 2 reports in your third-party risk management (TPRM) program and discuss strategies to analyze and leverage the reports to measure your program's success.

Join Sophie and Thomas as they:

• Deconstruct a typical SOC 2 report
• Discuss how to map SOC 2 report control exceptions into risks in a common vendor risk and security framework
• Examine ways to translate this framework into actionable key performance indicators (KPIs) and key risk indicators (KRIs)

With more third-party vendors and suppliers providing SOC 2 reports in place of complete risk assessments, this webinar will help you understand how to use these reports in your TPRM program effectively.